| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Jan 2016 18:03:58 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 0/6] Netfilter fixes for net
Hi David,
The following patchset contains Netfilter fixes for your net tree, they
are:
1) Fix accidental 3-times le/be conversion for 64-bits in nft_byteorder,
from Florian Westphal.
2) Get rid of defensive cidr = 0 check in the ipset hash:netiface set
type which doesn't allow valid 0.0.0.0/0 elements, also from Florian.
3) Relocate #endif in nft_ct counter support, this doesn't have any
relation with labels.
4) Fix TCPMSS target for IPv6 when skb has CHECKSUM_COMPLETE, from
Eric Dumazet.
5) Fix netdevice notifier leak from the error path of nf_tables_netdev.
6) Safe conntrack hashtable resizing by introducing a global lock and
synchronize all buckets to avoid going over the maximum number of
preemption levels, from Sasha Levin.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit f1640c3ddeec12804bc9a21feee85fc15aca95f6:
bgmac: fix a missing check for build_skb (2016-01-13 00:24:14 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to b16c29191dc89bd877af99a7b04ce4866728a3e0:
netfilter: nf_conntrack: use safer way to lock all buckets (2016-01-20 14:15:31 +0100)
----------------------------------------------------------------
Eric Dumazet (1):
netfilter: xt_TCPMSS: handle CHECKSUM_COMPLETE in tcpmss_tg6()
Florian Westphal (2):
netfilter: nft_byteorder: avoid unneeded le/be conversion steps
netfilter: ipset: allow a 0 netmask with hash_netiface type
Pablo Neira Ayuso (2):
netfilter: nft_ct: keep counters away from CONFIG_NF_CONNTRACK_LABELS
netfilter: nf_tables_netdev: fix error path in module initialization
Sasha Levin (1):
netfilter: nf_conntrack: use safer way to lock all buckets
include/net/netfilter/nf_conntrack_core.h | 8 +++----
net/netfilter/ipset/ip_set_hash_netiface.c | 4 ----
net/netfilter/nf_conntrack_core.c | 38 ++++++++++++++++++++++--------
net/netfilter/nf_conntrack_helper.c | 2 +-
net/netfilter/nf_conntrack_netlink.c | 2 +-
net/netfilter/nf_tables_netdev.c | 8 +++----
net/netfilter/nfnetlink_cttimeout.c | 4 ++--
net/netfilter/nft_byteorder.c | 6 ++---
net/netfilter/nft_ct.c | 2 +-
net/netfilter/xt_TCPMSS.c | 9 +++++--
10 files changed, 49 insertions(+), 34 deletions(-)
Powered by blists - more mailing lists